FW: [Dshield] odd udp port 0 traffic

Funk Jr, Joseph C. jcfunkjr at co.bucks.pa.us
Thu Mar 18 21:27:43 GMT 2004

Excuse me, here is that German link,


-----Original Message-----
From: Funk Jr, Joseph C. 
Sent: Thursday, March 18, 2004 4:24 PM
To: 'General DShield Discussion List'
Cc: 'jimmythegeek at techemail.com'
Subject: RE: [Dshield] odd udp port 0 traffic

Check this out, this looks very interesting http://people.ists.dartmouth.edu/~gbakos/bindsweep/ 

about malformed DNS messages involving format error and a possible cause, a virus, called W32/Calypso-tr.

As far as the purpose of the traffic, according to the above link, it could "result in a denial-of-service (DoS) attack if the server attempts to parse the packet but is unable to".

and finally directs to this link about the above http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=viewVirusDetailsInfoDirectly&fid=526 for a description of the W32/Calypso-tr virus if this is in fact the culprit.

Sidenote, that IP was detected by a fake open relay 'honeypot' back in 2002 doing pings every 40 minutes, along with a few other IPs. Here is the English translation of the posting (it's a poor translation but you get the drift).

Joseph C Funk Jr
